The article covers sample POC use сases.
CMDB
Discover CSP* assets using API.
Create workflow to take action e.g. Slack notification when asset meets required criteria such as missing tag.
Create convenient list views to show publicly accessible resources e.g S3 Buckets
Create a custom field on CSP asset to denote customer specific attributes e.g. customer's Cost Center.
Propagate custom field e.g. Department from CSP Account object to every other asset under that account
Associate all CSP assets with asset resource groups based on asset name/tag values.
Create a custom object e.g. customer's Cluster and associate all assets with it based on name/tag values.
Demonstrate ability to show details about assets that have been terminated over a certain period of time e.g. over 24 hours ago.
Demonstrate ability to create dependency maps between assets.
Demonstrate ability to create tickets in other issue management systems e.g. JIRA once an asset meets required criteria, such as the CSP limit reaches 90%.
Demonstrate CMDB integration with cloud monitoring services by showing CPU, Disk, Network activity for every asset in CMDB.
Demonstrate ability to discover and import operating system level data into CMDB, such as running services, users and installed software.
Create CSP assets count trending report.
Create a dashboard to show how much infrastructure is deployed across different CSP regions/locations.
Demonstrate ability to show customer’s tagging coverage across different CSP assets.
Demonstrate ability to tag customer’s assets from Cloudaware UI.
Create reports that break down assets based on customer tags.
Build and schedule reports to show assets missing tags.
*Cloud Service Provider, e.g. AWS, Azure, GCP, Heroku, etc.
Change Management
Create an approval process when a CSP asset meets required criteria such as a new User without MFA.
Show timeline of changes for CSP assets.
Cost Management
Show cost of individual CSP assets.
Show cost of applications and resource groups.
Create a dashboard that allows users to explore cost by CSP standard and custom attributes e.g product, service, application tag, department tag.
Show all expenditures that are not associated with any application.
Demonstrate ability to optimize costs e.g. using rightsizing and policies that look for idling and underutilized resources.
Show optimal reservations based on current instances.
Demonstrate ability to forecast spending for 1, 3, and 6 months out.
Create workflow to take an action e.g. Email alert when asset cost exceeds certain limit e.g. MTD spend reached 75% of last month spend.
Security
Demonstrate ability to identify deviations from CSP security best practices such as Public S3 Buckets or User without MFA.
Demonstrate ability to deploy vulnerability scanning agent, e.g. Nessus, and perform scans.
Show what patches are missing, pending and have been installed on any Linux or Windows host.
Deploy host based intrusion detection agents onto a host.
Show most vulnerable hosts based on vulnerability scan results, missing patching, exposed ports and running software.
Create a workflow to send out Email/SNS/Slack notification when a non-standard port is open to the internet.
Compliance Engine
Demonstrate Templates Library and ability to deploy compliance policies from built-in policy templates.
Demonstrate Policy List to overview all deployed policies.
Show how the results of the policy can be understood.
Demonstrate the ability to clone and edit a policy in Policy Editor, or create a new custom policy from scratch.
Create a report to show Compliance Engine Policy Violations.
Create a workflow to send out Email/JIRA/Slack notification when a new compliance policy violation is detected.
Demonstrate ability to deploy CIS Benchmarks.
Show how the policy results should be treated (tabs 'Related Objects' and 'Statistic History').
Create CIS Benchmarks dashboard to view compliance by different attributes (cloud account, policy type and name, lifetime interval of incompliances, historical trend).
Create a workflow to send out Email/JIRA/Slack notification when a new incompliant benchmark check is found.
Monitoring
Demonstrate integration with monitoring tools (NewRelic, AppDynamics, Datadog, Zabbix, Pingdom, SolarWinds, Sensu, Nagios):
Shows assets monitored.
Retrieve monitoring telemetry.
Map incidents to assets.
Show assets with the highest number of incidents.
Display ability to group incidents into cases based on certain criteria e.g. Zabbix Condition ID.
Set up SNS/Slack/Email alerts for newly created incidents that meet certain criteria e.g. high severity incidents.
Log Management
Demonstrate ability to automatically discover, store and display different types of logs (cloud and host level).
Show examples of sample queries to search for specific logs.
Demonstrate ability to detect logs anomalies.
Demonstrate ability to send alerts based on specific criteria (optional).
Backup and Replication
Demonstrate ability to set up backup policies on AWS EC2, RDS, RDS Clusters, S3 Buckets, and Google Disks.
Demonstrate ability to display backup health on an overview dashboard and CI.
Demonstrate ability to set up a certain backup retention period.
Explain how EC2 images replication can be set up using tags.
Create a workflow to send alerts on failed backups.